package base.util.lib;

public class StringUtils {
	/**
	 * 防止跨站脚本攻击,允许html标签，过滤js标签，适用于文本编辑器编辑的内容过滤。
	 * 
	 * @author 
	 * @param value
	 * @return
	 */
	public static String filterScript(String value) {

		if (value == null || value.length() == 0) {
			return value;
		}

		StringBuffer result = new StringBuffer(value.length());

		String script = null;

		int start = -1;
		int end = -1;
		int lastEnd = 0;

		for (int i = 0; i < value.length(); i++) {

			switch (value.charAt(i)) {
			case '<':
				start = i;
				break;
			case '>':
				end = i;
				break;
			}

			if (start > -1 && end > start) {

				script = value.substring(start + 1, end);

				if (script.trim().equalsIgnoreCase("script")
						|| script.trim().equalsIgnoreCase("/script")) {
					result.append(value.substring(lastEnd, start));
					result.append("&lt;");
					result.append(script);
					result.append("&gt;");

					lastEnd = end + 1;
				}

				start = -1;
				end = -1;
			}

		}

		if (lastEnd < value.length()) {
			result.append(value.substring(lastEnd, value.length()));
		}

		return result.toString();
	}

	/**
	 * 防止跨站脚本攻击 Note: 把文本格式转换成Html格式显示 替换内部的空格和回车，添加<BR>
	 * 
	 * @param str
	 *            String --待格式化的字符串
	 * @return String
	 */
	public static String getHtml(String str) {
		// 过滤敏感字符
		str = filter(str);
		if (str != null) {
			return str.replaceAll("\r\n", "<BR>");
		} else {
			return "&nbsp;";
		}
	}

	/**
	 * 防止跨站脚本攻击 过滤敏感字符 将HTML特殊字符转换为相应的实体字符。 Filter the specified string for
	 * characters that are sensitive to HTML interpreters, returning the string
	 * with these characters replaced by the corresponding character entities.
	 * 
	 * @param value
	 *            The string to be filtered and returned
	 */
	public static String filter(String value) {

		if (value == null || value.length() == 0) {
			return value;
		}

		StringBuffer result = null;
		String filtered = null;
		for (int i = 0; i < value.length(); i++) {
			filtered = null;
			switch (value.charAt(i)) {
			case '<':
				filtered = "&lt;";
				break;
			case '>':
				filtered = "&gt;";
				break;
			case '&':
				filtered = "&amp;";
				break;
			case '"':
				filtered = "&quot;";
				break;
			case '\'':
				filtered = "&#39;";
				break;
			}

			if (result == null) {
				if (filtered != null) {
					result = new StringBuffer(value.length() + 50);
					if (i > 0) {
						result.append(value.substring(0, i));
					}
					result.append(filtered);
				}
			} else {
				if (filtered == null) {
					result.append(value.charAt(i));
				} else {
					result.append(filtered);
				}
			}
		}

		return result == null ? value : result.toString();
	}

	/**
	 * 防止SQL注入 验证字符类型不能包含特殊字符 目前检测单引号
	 * 
	 * @param string
	 * @return
	 */
	public static boolean checkNonlicetCharacters(String string) {
		boolean flag = true;
		// 不许出现单引号
		if (string != null && string.indexOf("'") > 0) {
			flag = false;
		}

		return flag;
	}

	public static boolean checkJavascriptCode(String string) {
		boolean flag = false;
		if (string == null || "".equals(string)) {
			return false;
		}

		// 不许出现javascript:
		if (string != null && string.toLowerCase().indexOf("javascript:") >= 0) {
			flag = true;
		}

		// 不许出现>
		if (string != null && string.indexOf(">") > 0) {
			flag = true;
		}
		// 不许出现<
		if (string != null && string.indexOf("<") > 0) {
			flag = true;
		}
		return flag;
	}

	/**
	 * 防止SQL注入 将拼接SQL参数中的单个单引号替换成两个单引号，仅用于动态拼接SQL且使用Statement的情况
	 * 使用PreparedStatement时不需要调用此方法
	 * 
	 * 
	 * @param string
	 * @return
	 */
	public static String getValidSQLPara(String string) {
		if (string == null || string.length() == 0) {
			return string;
		}
		return string.replaceAll("'", "''");
	}

	/**
	 * Notes: 防止跨站脚本攻击 过滤敏感字符 将HTML特殊字符转换为相应的实体字符 不过滤& Created: 2010-8-11
	 * 
	 * @author: ZKF31719
	 * @version: 1.0
	 * 
	 * @param value
	 * @return
	 */
	public static String filterUrl(String value) {

		if (value == null || value.length() == 0) {
			return value;
		}

		StringBuffer result = null;
		String filtered = null;
		for (int i = 0; i < value.length(); i++) {
			filtered = null;
			switch (value.charAt(i)) {
			case '<':
				filtered = "&lt;";
				break;
			case '>':
				filtered = "&gt;";
				break;
			case '"':
				filtered = "&quot;";
				break;
			case '\'':
				filtered = "&#39;";
				break;
			}

			if (result == null) {
				if (filtered != null) {
					result = new StringBuffer(value.length() + 50);
					if (i > 0) {
						result.append(value.substring(0, i));
					}
					result.append(filtered);
				}
			} else {
				if (filtered == null) {
					result.append(value.charAt(i));
				} else {
					result.append(filtered);
				}
			}
		}

		return result == null ? value : result.toString();
	}

	/**
	 * 过滤单双引号 如果是"'",则替换成"\'";如果是"""，则替换成"\""
	 * 
	 * @param string
	 * @return
	 */
	public static String filterQuote(String string) {
		if (string == null || string.length() == 0) {
			return string;
		}
		string = string.replaceAll("[\']", "\\\\\'");
		string = string.replaceAll("[\"]", "\\\\\"");

		return string;
	}

	/**
	 * 
	 * description: 过滤搜索引擎返回的结果,过滤除<font .....></font>外的敏感字符、跨站攻击脚本
	 * 
	 */
	public static String filterSearchResult(String value) {

		if (value == null || value.length() == 0) {
			return value;
		}

		int end = -1;
		StringBuffer result = new StringBuffer();
		String filtered = null;
		for (int i = 0; i < value.length(); i++) {
			char tempChar = value.charAt(i);

			if (i <= end) {
				filtered = String.valueOf(tempChar);
			} else {
				if (String.valueOf(tempChar).equals("<")) {
					if (value.length() >= i + 6
							&& (value.substring(i, i + 5).equalsIgnoreCase(
									"<font") || value.substring(i, i + 6)
									.equalsIgnoreCase("</font"))) {
						filtered = String.valueOf(tempChar);
						end = value.indexOf(">", i);
					} else {
						filtered = "&lt;";
					}

				} else if (String.valueOf(tempChar).equals(">")) {
					filtered = "&gt;";
				} else if (String.valueOf(tempChar).equals("&")) {
					filtered = "&amp;";
				} else if (String.valueOf(tempChar).equals("\"")) {
					filtered = "&quot;";
				} else if (String.valueOf(tempChar).equals("\'")) {
					filtered = "&#39;";
				} else {
					filtered = String.valueOf(tempChar);
				}
			}

			if (filtered != null) {
				result.append(filtered);
			}

		}

		return result == null ? value : result.toString();
	}

	/**
	 * 防止跨站脚本攻击 过滤敏感字符 将HTML特殊字符转换为相应的实体字符。 过滤json序列化字符串 with these characters
	 * replaced by the corresponding character entities.
	 * 
	 * @param value
	 *            The string to be filtered and returned
	 */
	public static String filterForJson(String value) {

		if (value == null || value.length() == 0) {
			return value;
		}

		StringBuffer result = null;
		String filtered = null;
		for (int i = 0; i < value.length(); i++) {
			filtered = null;
			switch (value.charAt(i)) {
			case '<':
				filtered = "&lt;";
				break;
			case '>':
				filtered = "&gt;";
				break;
			case '&':
				filtered = "&amp;";
				break;
			}

			if (result == null) {
				if (filtered != null) {
					result = new StringBuffer(value.length() + 50);
					if (i > 0) {
						result.append(value.substring(0, i));
					}
					result.append(filtered);
				}
			} else {
				if (filtered == null) {
					result.append(value.charAt(i));
				} else {
					result.append(filtered);
				}
			}
		}

		return result == null ? value : result.toString();
	}
}
